OpenAI adds Lockdown Mode to ChatGPT to block data theft from prompt injection attacks

TL;DRChatGPT’s new Lockdown Mode disables live browsing, agent mode, and deep research to block data exfiltration via prompt injection. Available on all plans.

OpenAI has begun rolling out Lockdown Mode to ChatGPT, a new security setting designed to block attackers from stealing data through prompt injection attacks. The feature disables live web browsing, agent mode, deep research, image retrieval, Canvas networking, and file downloads. It is available to logged-in users across Free, Go, Plus, Pro, and self-serve ChatGPT Business plans.

Prompt injection remains what OpenAI calls a “frontier” problem affecting all large language models. The attack works by hiding malicious instructions in content the model processes, such as a webpage or uploaded file. If the model follows those instructions, it can be tricked into sending sensitive data to an attacker-controlled server.

Lockdown Mode does not stop injections from happening. A malicious payload embedded in a cached webpage or uploaded PDF can still influence the model’s behaviour. What it does is shut down the outbound pathways an attacker would use to exfiltrate the data. No live browsing means no network requests to external servers. No image retrieval means no pixel-based data channels.